
Re: silly question about /dev/log (fwd)



Hi!

	Is Debian prepared for having this special kind of permissions
for /dev/log?

-- p.

---------- Forwarded message ----------
Date: Mon, 5 Jul 1999 13:58:56 +0100 (GMT)
From: Chris Evans <chris@ferret.lmh.ox.ac.uk>
To: Mike Johnson <mike@enoch.org>
Cc: security-audit@ferret.lmh.ox.ac.uk
Subject: Re: silly question about /dev/log


On Mon, 5 Jul 1999, Mike Johnson wrote:

> While looking for world writeable files/directories on one of my Linux
> boxes, I came up with this (to me) surprise:
> srw-rw-rw-   1 root     root            0 Jul  4 04:02 /dev/log

Yes, I also hate this legacy UNIX design flaw.

A simple step in the right direction would be

srw-rw----  1 root     log      0 Jul  4 04:02 /dev/log

Then, we analyse what really _needs_ to write to the log, and give out the
relevant permission.

Note that most of the stuff that you _really_ want logged, is logged by
things running as root anyway, e.g. login failures, connection attempts,
kernel logs.

Essentially, the approach of changing /dev/log permissions as above, and
seeing what breaks, would be both interesting and useful.

Chris
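
The change proposed in the message above, modelled as an added example that is not part of the original thread: it sets a scratch socket to 0666 and then 0660 and lists which accounts lose write access under the classic UNIX owner/group/other check. The account list, gid 101 for the "log" group and the root:log ownership are constructed for illustration, and the socket is created in a temporary directory rather than at /dev/log.

```python
import os
import socket
import stat
import tempfile

def socket_mode(path):
    """Return (permission bits, owner uid, group gid) of a Unix socket."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a socket")
    return stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid

def can_write(mode, owner, group, uid, gids):
    """Classic UNIX check: root always; else owner, group or other bits."""
    if uid == 0:
        return True
    if uid == owner:
        return bool(mode & stat.S_IWUSR)
    if group in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def who_breaks(mode, owner, group, accounts):
    """Names of accounts that cannot write to the socket under this mode."""
    return [name for name, uid, gids in accounts
            if not can_write(mode, owner, group, uid, gids)]

LOG_GID = 101  # hypothetical gid for the "log" group
# Constructed accounts: (name, uid, set of gids the account belongs to).
ACCOUNTS = [
    ("login", 0, {0}),               # runs as root
    ("maild", 8, {8, LOG_GID}),      # daemon granted membership of "log"
    ("nobody", 65534, {65534}),      # unprivileged, no "log" membership
]

def demo():
    """Apply both modes to a scratch socket and report who loses access."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "log")
        s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        s.bind(path)
        for mode in (0o666, 0o660):
            os.chmod(path, mode)
            bits, _, _ = socket_mode(path)
            # Ownership is modelled as root:log, as in the listing above.
            results[oct(bits)] = who_breaks(bits, 0, LOG_GID, ACCOUNTS)
        s.close()
    return results
```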


